Processing authentication results from different vendors on the same page

I am integrating OpenID into an existing application with LiveID and Google providers. On my login page, in addition to the original input fields, I added "Sign in to Google" and "Sign in with Microsoft."

I can successfully read AuthenticationResult data for both providers above, but I do it as follows ...

For the new login buttons, I created a return URL to distinguish them when the user returns:

    Protected Sub btn_google_Click(sender As Object, e As EventArgs) Handles btn_google.Click
        Dim client As New GoogleOpenIdClient
        Dim u As New System.Uri("http://www.mytest.com/login.aspx?action=signin&provider=google")
        client.RequestAuthentication(New HttpContextWrapper(HttpContext.Current), u)
    End Sub

    Protected Sub btn_live_Click(sender As Object, e As EventArgs) Handles btn_live.Click
        Dim client As New MicrosoftClient("xyz", "12345")
        Dim u As New System.Uri("http://www.mytest.com/login.aspx?action=signin&provider=microsoft")
        client.RequestAuthentication(New HttpContextWrapper(HttpContext.Current), u)
    End Sub

Therefore, when the user is redirected back to login.aspx, I then perform the following checks to process the login functions:

    If Not Page.IsPostBack Then
        If Request.QueryString("action") IsNot Nothing AndAlso Request.QueryString("action").Trim = "signin" Then
            If Request.QueryString("provider") IsNot Nothing AndAlso Request.QueryString("provider").Trim <> String.Empty Then
                Select Case Request.QueryString("provider").Trim
                    Case "microsoft"
                        Dim client As New MicrosoftClient("xyz", "12345")
                        Dim u As New System.Uri("http://www.mytest.com/loginlive.aspx?action=signin&provider=microsoft")
                        Dim result As DotNetOpenAuth.AspNet.AuthenticationResult = client.VerifyAuthentication(New HttpContextWrapper(HttpContext.Current), u)
                        ' remainder of logic removed
                        ' ...
                    Case "google"
                        Dim client As New GoogleOpenIdClient
                        Dim result As DotNetOpenAuth.AspNet.AuthenticationResult = client.VerifyAuthentication(New HttpContextWrapper(HttpContext.Current))
                        ' remainder of logic removed
                        ' ...
                End Select
            End If
        End If
    End If

My main question here is, is this a good way to handle authentication? Or is there a better / safer / smarter way to do the same?

+6
1 answer

It is best to use the Abstract Factory pattern in conjunction with the Command pattern, which can reduce hard-coding and give you loosely coupled code, so you can expand the functionality for each authentication provider in the future. Find a snippet for each section of code below.

Abstract class for BaseAuthentication provider

    public abstract class BaseAuthenticationProvider
    {
        // Abstract methods that need to be invoked from the concrete class; these need to be
        // decided based on the functionality you need to achieve. They would be invoked
        // using the command pattern.
        // AuthorizeUser(): invoked to authorize the user with the provider.
        // AuthenticateUser(): invoked once the user is redirected back from the provider site.

        // Abstract properties that hold the base information for the authentication provider;
        // these need to be decided based on the functionality you need to achieve.
        // CustomerSecret
        // CustomerConsumerKey
    }

Use the following code snippet to implement a specific class for Google, Yahoo, Microsoft, etc.

    public class GoogleAuthentication : BaseAuthenticationProvider
    {
        public GoogleAuthentication()
        {
            // initialization
        }

        public void AuthorizeUser()
        {
            // code
        }

        public string CustomerSecret()
        {
            // code
        }

        public string CustomerConsumerKey()
        {
            // code
        }
    }

Factory class to create the specific object. To prevent an instance of this factory class from being created, implement a private constructor.

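    public class AuthenticationProviderFactory
    {
        private AuthenticationProviderFactory()
        {
        }

        public static BaseAuthenticationProvider GetInstance(string Domain)
        {
            switch (Domain)
            {
                case "google":
                    return new GoogleAuthentication();
                case "yahoo":
                    return new YahooAuthentication();
                default:
                    // Every code path must return or throw; unknown names are rejected.
                    throw new System.ArgumentException("Unknown authentication provider", "Domain");
            }
        }
    }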

Login.aspx: have buttons for each authentication provider, set a value for "CommandName" on each of the buttons, and associate all buttons with the same event handler,

e.g. btn_google.CommandName = "google"

    Protected Sub AuthenticationProvider_Click(sender As Object, e As EventArgs) Handles btn_google.Click, btn_yahoo.Click
        ' VB.NET cast syntax; the button's CommandName selects the provider
        AuthenticationProviderFactory.GetInstance(DirectCast(sender, Button).CommandName).AuthorizeUser()
    End Sub

The appropriate AuthorizeUser method will invoke the appropriate provider site for authentication. When the provider redirects the user to the return URL, apply the same pattern in the Page_Load event and call the Authenticate method from the abstract class.

+1
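
The Page_Load dispatch that the answer describes, as an added example (not the answerer's code and not part of DotNetOpenAuth). `ProviderEntry`, `CallbackDispatcher` and the constructed verifier lambdas are hypothetical; real verifiers would wrap each client's `VerifyAuthentication` call. The `provider` query value is matched only against a fixed registry, and each provider's return URL is built once on the server so both steps share it.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;

// Hypothetical registry entry. Verify wraps the real client call (for example
// VerifyAuthentication) and returns the provider's user id, or null on failure.
public sealed class ProviderEntry
{
    public ProviderEntry(string name, Uri loginPage, Func<Uri, string> verify)
    {
        Name = name;
        Verify = verify;
        // Fixed server-side value shared by the request step and the verify step.
        ReturnUrl = new UriBuilder(loginPage) { Query = "action=signin&provider=" + name }.Uri;
    }
    public string Name { get; }
    public Uri ReturnUrl { get; }
    public Func<Uri, string> Verify { get; }
}

public static class CallbackDispatcher
{
    // Returns "provider:userId", or null when the request is not a valid callback.
    public static string Handle(NameValueCollection query, IDictionary<string, ProviderEntry> registry)
    {
        if ((query["action"] ?? "").Trim() != "signin") return null;
        string key = (query["provider"] ?? "").Trim();
        // The provider value is request data: accept only an exact registry hit.
        if (!registry.TryGetValue(key, out ProviderEntry entry)) return null;
        string userId = entry.Verify(entry.ReturnUrl);
        return userId == null ? null : entry.Name + ":" + userId;
    }

    public static void Main()
    {
        var login = new Uri("http://www.mytest.com/login.aspx");
        var registry = new Dictionary<string, ProviderEntry>(StringComparer.Ordinal)
        {
            // Constructed verifiers for the demo; real ones call the provider client.
            ["google"] = new ProviderEntry("google", login, url => "constructed-google-id"),
            ["microsoft"] = new ProviderEntry("microsoft", login, url => null),
        };
        foreach (string p in new[] { "google", "microsoft", "yahoo", "" })
        {
            var query = new NameValueCollection { { "action", "signin" }, { "provider", p } };
            Console.WriteLine("[" + p + "] -> " + (Handle(query, registry) ?? "rejected"));
        }
    }
}
```

Prefixing the returned id with the provider name keeps identifiers issued by different providers from colliding when they are mapped to local accounts.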